saas

Software is eating the world, and doing so using smaller and smaller teams. WhatsApp was able to disrupt the global SMS industry with only a few dozen engineers. Small teams can have a big impact because software development (and deployment) has improved dramatically over the past decade. Some improvements include:

Infrastructure. Deploying a commercial website ten years ago required significant upfront capital. Now you can spin up virtual servers in minutes. Upfront costs are close to zero and ongoing costs are orders of magnitude lower than before.

Open Source. Open source dominates every level of the software stack, including operating systems (Linux), databases (MySQL), web servers (Apache), and programming languages (Python, Ruby). These are not only free but generally also far higher quality than their commercial counterparts.

Programming languages. Developers have steadily marched upwards from Assembly to C to Java to, today, scripting languages like Ruby and Python. Moore’s Law gave us excess computing resources. We spent it making developers more effective.

General-purpose tools for non-programmers. In the pre-Internet era, tools like Hypercard and Visual Basic allowed hundreds of millions of semi-technical people to become software developers. Since then, there hasn’t been much work in these areas, but from what I’ve seen that might change soon. By allowing more people to program, these tools act as a force multiplier for the software industry.

In all likelihood, the demand for software development will continue to dramatically outpace the supply. If so, “software eats software development” will be an exciting area going forward, with lots of valuable startups created in the process.

Building an enterprise software company used to be largely about sales, because enterprise software was sourced and purchased by high-level business people. Those business people needed to be charmed and convinced, an activity that was distasteful to many technologists.

Internet-based delivery (“SaaS”, “cloud”) dramatically lowered installation costs, letting individuals or small groups buy software on discretionary budgets or use basic versions for free. As adoption spread throughout the organization, the value of the software eventually percolated up to high-level business people who could write large checks to get features big companies need, such as administration, security, integration, compliance, and support. This “bottom-up” approach was pioneered by Salesforce and open source companies like MySQL. Recent enterprise success stories also follow this model, e.g. New Relic, Yammer, Twilio, and GitHub. Many of these companies have processes that would have seemed crazy ten years ago – e.g. sales people only handle inbound inquiries or only call customers who already use their product.

Thus enterprise software went from being about sales (one-to-one) to being about marketing (one-to-many). Marketing requires crafting a compelling message, figuring out the right channels and then optimizing. But the most effective marketing is a compelling product that can be easily tried. As a result, as Benchmark’s Peter Fenton said recently: “We’re seeing a fundamental shift from sales-driven companies to product-driven companies. The companies that are leading the way there let this consumer and product focus permeate the culture of their companies.”

One of the most visible manifestations of this shift is the refreshingly accessible language on modern enterprise websites. Sales-driven enterprise software companies speak the arcane language of CIOs. Marketing-driven companies talk directly to business users (e.g. Yammer) or developers (e.g. GitHub).

This is good news all around. Enterprises are more likely to get software that incorporates the advances made over the last decade in consumer software. Startups get a shot at creating this software, and get to do so on a fairly level playing field. The product and marketing focus should also attract a lot more technologists who were turned off by sales. The only losers are incumbents who continue to pursue the old model.

In my opinion, enterprise technology is WAY behind consumer technology for one reason: because it can be.

In a [B2B] transaction, one good salesperson (the “seller”) only has to sell one person (the “buyer”) on the value of the technology. Once the product is sold, the buyer forces their 50,000 employees to use that technology whether they like it or not. A good salesperson with a good deck can do this fairly reliably.

And a good account manager can typically retain the client for a while; employees usually get used to the product and rarely complain enough for the buyer to cancel the contract and force the seller to improve the product. As a result, an enterprise product can suck and still flourish.

With a B2C product, this is much, much more difficult. The seller has to sell 50,000 individual “users”, one by one, on the value of the product without the luxury of a face to face meeting or 18 holes on the golf course. The B2C model forces the seller’s product to “sell itself”. As a result, a consumer product can’t suck if it wants to flourish. It has to be good. Much better than the enterprise product needs to be.

Fortunately, as I discussed yesterday, trends like cloud-based delivery (aka SaaS) are starting to align the interests of enterprise users and buyers.

This post is about computer security. Before your eyes glaze over, let me say that – without using any security jargon – I’m going to try to convince you there is a significant security issue on the horizon that will affect almost every business that stores valuable data on computers.

Willie Sutton was a bank robber who, when asked “Why do you rob banks?” replied “because that’s where the money is.” This quote is famous enough that some people call it Sutton’s law. On the internet, Sutton’s law means the bad guys will try to hack where the valuable data is stored.

One of the major trends in the technology world is “cloud computing” or a related concept “Software-as-a-Service (SaaS)”. The idea is instead of installing software within your company’s own network it is hosted by a service provider and you access it via a web browser. SaaS applications are popular because they are much easier to use, install, maintain, and access. The most prominent examples are probably Salesforce and Google Apps. But the SaaS revolution is happening to almost every corporate application – HR, accounting, project management, bug tracking, and so on.

As a result, there is a giant migration of data going on. We are moving from a world where everyone kept valuable data within their network to a world where all of their data is in SaaS providers’ databases.

Sutton’s 2nd law is that where there is lots of money, bad guys find a way to get to it (ok I made up the name for this law – but it should have a name). When kings had piles of gold in their castles, people found a way across the moats and through the gates. The same is true of people robbing banks, and the same will be true of SaaS providers’ databases. It could be an inside job, someone leaving a “door” open, or just clever hacking – but you can rest assured that with a giant pile of gold sitting there, the bad guys will get it (in fact it’s already started).

We have gone from a world where everyone hid money under their mattress and protected it with an alarm system and shotgun to a world where all the money is in just a few places, run by people who have no particular expertise providing security, who for the most part deny there is any risk. SaaS providers like Salesforce just dismiss the security risk, saying, in essence, that they have alarms and shotguns too.

It’s a powder keg waiting to explode.

Disclosure: I invested in a stealth mode security company that addresses this problem. Perhaps that makes me biased. I prefer to think of it as evidence that I believe what I’m writing here.